Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/pid_eins/statuses/111176013718266394">Lennart Poettering (pid_eins@mastodon.social)'s status on Wednesday, 04-Oct-2023 22:07:58 JST</a><a href="https://mastodon.social/@pid_eins" title="pid_eins@mastodon.social"><img src="https://gnusocial.jp/avatar/92094-48-20230126121211.webp" width="48" height="48" alt="Lennart Poettering" style="position: absolute; left: 0; top: 0;">Lennart Poettering</a></section><article><p>This whole mess just makes me think we should try harder to kick suid/fcaps out of general purpose Linux distributions. The whole concept is fundamentally backwards, and one of the major weaknesses of traditional UNIX I am sure. The idea behind suid/fcaps of first granting the privileges, inheriting some major, uncontrolled part of the execution environment/resource context/security context and then expecting the binary to securely gate its misuse is just a major mistake: <a href="https://www.openwall.com/lists/oss-security/2023/10/03/2" rel="nofollow noreferrer">https://www.openwall.com/lists/oss-security/2023/10/03/2</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2137826#notice-4196512">In conversation</a><time datetime="2023-10-04T22:07:58+09:00" title="Wednesday, 04-Oct-2023 22:07:58 JST">about a year ago</time> <span>from <span><a href="https://mastodon.social/@pid_eins/111176013718266394" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@pid_eins/111176013718266394">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.openwall.com</div><h5><a href="https://www.openwall.com/lists/oss-security/2023/10/03/2">oss-security - CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Lennart Poettering (pid_eins@mastodon.social)'s status on Wednesday, 04-Oct-2023 22:07:58 JST Lennart Poettering
This whole mess just makes me think we should try harder to kick suid/fcaps out of general purpose Linux distributions. The whole concept is fundamentally backwards, and one of the major weaknesses of traditional UNIX I am sure. The idea behind suid/fcaps of first granting the privileges, inheriting some major, uncontrolled part of the execution environment/resource context/security context and then expecting the binary to securely gate its misuse is just a major mistake: https://www.openwall.com/lists/oss-security/2023/10/03/2
In conversationabout a year ago from mastodon.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.openwall.com
  oss-security - CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so

Public

Embed Notice

HTML Code

Corresponding Notice